Why read this? If your organization receives, oversees, or does business with any recipients of the almost trillion dollars in annual federal grant funds, you need to understand the landscape and the inherent risks. Compliance starts with a firm grasp of the facts.
Federal grants
Federal grants are one of the most important tools of the American government. They are used to address virtually every challenge we face in our communities, including domestic violence and other crimes, healthcare, homelessness, cleaning up environmental hazards, building better transportation infrastructure, and caring for those who cannot care for themselves. Grants are also used to stimulate exciting and groundbreaking research in medicine (think: an urgently needed vaccine), physics, engineering, psychology, alternative energy, sociology, the universe, national defense, and much more.
One central component of all grants is that they are awarded for the “public good”—that is, they are intended to benefit the community at large—directly or indirectly—not an individual person or entity. These are your taxpayer dollars being spent to benefit all of us.
For context, in fiscal year 2022, the federal government directly awarded more than 500,000 grants and cooperative agreements totaling $1.1 trillion. Of that amount, some $740 million was awarded by the U.S. Department of Health & Human Services, for which over $613 million was for Centers for Medicare & Medicaid Services grants to states and territories.[1] Cooperative agreements differ from grants in that in a cooperative agreement, the government remains involved in the performance of the program. In a grant, they do not. For this article, we will use the term grant, although all the same principles and risks apply equally to cooperative agreements.
For scale, consider that pre-pandemic, the federal government annually always spent below a trillion dollars in grants; for example, in fiscal year 2019, $728 billion was disbursed as grants. The pandemic, of course, saw dramatic increases in grant funding. Specifically, the Coronavirus Aid, Relief, and Economic Security Act, the American Rescue Plan, the Infrastructure Investment and Jobs Act, the Inflation Reduction Act, and the CHIPS and Science Act made well over a trillion dollars available in new grant funding.
The bottom line is that grant funding positively impacts all of us, whether we realize it or not. Grant dollars improve lives, help us better understand our world, and improve society. They matter. However, there are inherent fraud and other compliance risks that compliance professionals must consider.
The grants process
The federal grants process is grounded in Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance).[2] Additionally, each of the 26 federal agencies that award grants has its own financial and programmatic guides, and many have different guides for different program offices. The Uniform Grants Guidance and the agency guides provide a framework for granting agencies, applicants, and award recipients regarding allowable costs, data reporting requirements, and a wide range of other compliance issues.
Most grant dollars are awarded to units of state, local, and tribal governments who, in turn, subgrant funds to other entities. Federal agencies also make direct awards to nonprofits, for-profit entities, individuals, institutions of higher education, as well as tribes and other units of government.
The process to apply for and receive a grant varies by program but always involves an application, certifications that the applicant meets program criteria, and a formal award letter that requires certifications that the recipient accepts the award and will abide by the terms and conditions. Granting agencies are required to conduct pre-award risk assessments and other due diligence to mitigate the risk that taxpayer dollars might be misused.
For most programs, once an award is made, recipients gain access to funds as needed. Often called a drawdown, recipients request reimbursement for program-related expenses or immediately pending expenses such as payroll. Every dollar drawn down by a recipient should be supported by documentation at the recipient level that the claim is for a legitimate, reasonable, allowable, and allocable expense. However, granting agencies do not routinely ask to inspect these records absent an agency monitoring visit or another oversight activity.
One critical fact about federal grants is that (with one exception) they do not allow a profit. In other words, every dollar claimed by a recipient must be for a legitimate, allowable, allocable, and reasonable expense such as a rent payment, payroll, or the purchase of a good or service. Another way to look at it is that an income statement for a grant-funded activity should show zero net income. Every dollar in should go out to pay for a program-related expense. Awards related to the Small Business Innovation Research (SBIR) and Small Business Technology Transfer Research (STTR) programs typically allow for profit. This profit is outlined in the grant agreement. Some federal agencies award SBIRs and STTRs as contracts, not grants; therefore, the Federal Acquisition Regulation, not the Uniform Guidance, applies to those awards.
Process safeguards
Key to understanding the compliance risks associated with federal grants is to remember that the process is largely an integrity-based system. While granting agencies are required to conduct pre-award risk assessments and ongoing monitoring of taxpayer dollars, the system relies heavily on recipients to have and maintain a robust system of internal controls. Audits by a federal office of inspector general or a Single Audit Act/A–133 audit by independent accountants are additional mechanisms in place to help protect these funds. However, as with all safeguards, a determined fraudster or an organization that acts negligently can seriously hamper or literally cancel out attempts at safeguarding funds.
Fraud and other compliance risks
So, what can go wrong? One way to look at grant fraud and other compliance risks in these programs is to consider the Venn diagram in Figure 2.
Over more than 25 years of investigating grant fraud, I can unequivocally state that grant fraud schemes are almost always predictable and, therefore, preventable.
Most compliance issues involve one or more than one of the following:
-
Making false statements to obtain funds, about what was done with the funds, or about compliance with the award terms and conditions;
-
Engaging in undisclosed conflicts of interest, such as nepotism or steering a no-bid contract to a related party; and
-
A wide variety of theft or embezzlement schemes often involve falsified work hours, misusing an organization’s credit or debit card or manipulating a payroll system.
Regarding the first risk, recipients of award funds agree to comply with a plethora of terms and conditions. Table 1 highlights some of the more common such promises. Each requires careful review to ensure recipients have both controls in place to confirm compliance as well as a mechanism to validate and test those controls to ensure they are working as designed.
|
|
For example, a challenge for some recipients is properly tracking their use of funds or maintaining adequate supporting documentation related to accounting entries. Another common challenge relates to procurement. Recipients must be able to provide adequate documentation for all procurement actions, including the who, what, where, when, how, and how many questions for each transaction. Special attention should be paid to any transactions related to individual consultants, as this area has a higher risk of abuse. Ensuring a recipient can easily answer the above questions related to any consulting agreements or payments is a solid way to prevent issues or detect them early.
Recipients should also be aware of several different potential conflicts of interest issues: personal, organizational, and procurement related. Recipients are bound by the conflict-of-interest policy of their awarding federal agency (they each have their own) and are required by 2 C.F.R. § 200.112 to “disclose in writing any potential conflict of interest to the Federal awarding agency or pass-through entity in accordance with applicable Federal awarding agency policy.”
Additionally, recipients—especially for-profit entities—should be aware of intercompany transactions or other scenarios that outsiders might view as unfair or ill-advised. Finally, procurement actions present distinctive challenges as recipients and a vendor can improperly collude in the procurement process, a vendor could conspire with another vendor, or a recipient could award a sham no-bid contract in exchange for a kickback. Corrupt behavior, like accepting a bribe, is the ultimate conflict of interest and always an area of risk.
Lastly, as we all know, theft (also known as asset misappropriation) is the number one fraud risk for most organizations, including those funded by federal grants. Theft schemes are limited only by the creativity and boldness of the perpetrator.
Prevention measures
What can compliance professionals do about all of this?
First, recognize that recipients have an affirmative duty to exercise due care when handling these federal funds and have potential criminal, civil, and administrative liability if they fail to meet their obligations. Claims for payment, narrative progress reports, financial status reports, procurement actions, etc., require clear processes, trained personnel, and appropriate due diligence and documentation.
Additionally, recipients are bound by 2 C.F.R. § 200.113, Mandatory Disclosures, which states, “The non-Federal entity or applicant for a Federal award must disclose, in a timely manner, in writing to the Federal awarding agency or pass-through entity all violations of Federal criminal law involving fraud, bribery, or gratuity violations potentially affecting the Federal award.” In other words, recipients are wise to prevent and deter fraud issues because they must be reported once identified.
Perhaps the best way to begin might be by gaining an understanding of the scope of your grant-funded operations and how many different federal agencies have given awards to your organization. Reviewing terms and conditions and award documents can be eye-opening as well. Just what has the organization promised to do? Are we doing these things? Have audit reports flagged related compliance issues in your organization? If so, have those issues been appropriately addressed?
A formal risk assessment can help organize the landscape. Research universities, for example, would be well served to flag research security—the risks associated with foreign governments trying to steal US-funded research or other intellectual property, often by co-opting professors and students with ties to a foreign country—as an issue that requires a coordinated and well-documented approach. In January 2022, the White House issued National Security Presidential Memorandum–33, which outlines a whole government approach to addressing research security issues.[3] This is an important document for compliance professionals to understand if their role involves overseeing research grants.
All recipients should pay attention to requirements to maintain adequate documentation of costs, especially those related to time and effort and procurements—two areas that often cause issues when put under scrutiny.
Compliance professionals should also consider how to best train and educate various process stakeholders to ensure they are aware of their personal as well as the organization’s obligations under a grant agreement. Do these stakeholders understand that grant awards might have particular rules or disclosure requirements? For example, time and effort reporting under a grant agreement may require special procedures. Does the organizational culture encourage employees to flag issues and see expert guidance to ensure compliance?
Finally, as with all risk areas, compliance professionals should review the existing internal control structure for solid design and implementation, especially controls related to credit and gift cards and procurement actions—specifically focusing on sole source actions and consultants—payroll, drawdowns, and financial certifications.
Keys to success
Federal grants impact everyone and have special requirements for recipients. Entities who receive or oversee these funds, or those who do business with a recipient, need to understand the nuances. Compliance professionals would be wise to understand the overall grants process, the fraud, and other compliance risks—some unique, some not so unique—and the measures they can take to help prevent or flag early fraud and other compliance issues.
The opinions expressed in this article are those of the author and do not necessarily represent the views of the federal government.
Takeaways
-
Grants matter.
-
Fraud and other compliance risks are generally “predictable.”
-
Recipients have an affirmative duty to prevent and report fraud.
-
Prevention is the way.
-
Training and awareness are keys to success.